The threat of computer viruses, worms and other types of malicious software are now commonplace in computer systems. And as the number of data-centric mobile devices grows (e.g., mobile telephones), these devices also will become attractive targets for computer viruses, SMS spam and other malicious software. Many of these handheld devices run the same operating systems thus making it easier for unscrupulous parties to distribute malicious software and to disrupt mobile telephone usage. In addition to frustrating consumers, computer viruses and message spam cause individuals and companies to suffer from lost productivity and the high cost of fixing any problems.
Computer viruses and other malware can arrive at a mobile device through a variety of delivery vectors and actions. These actions include: inserting an infected storage card into the device; synchronizing the device with a computer that downloads an infected file; downloading an infected file from the Web to the device; using the wireless application protocol (WAP) that pushes a suspect Web link containing an infected file to the mobile device; using a Bluetooth or infrared transmission that pushes an infected file from one mobile device to another; using a wireless network; etc.
For example, more and more malicious software is now targeting operating systems of mobile telephones. The “SYMBOS_FONTAL.B” computer virus affects mobile devices running the Symbian operating system including a variety of mobile telephones. The virus is downloaded over the Internet or other network and pretends to be a Nokia antivirus application; it tricks the user into installing it on their mobile telephone. Upon installation it displays a benign message and prompts the user to restart the device. Once the device restarts the virus causes the device to constantly restart; the only way a to fix the problem is to restore the factory settings on the telephone, thus erasing any personal information or other data that the user had stored on the telephone.
It is possible to run antivirus software utilizing a virus pattern on a mobile telephone in order to detect a software virus or other malware. But, using a virus pattern to detect known viruses and malware requires not only that the pattern be downloaded to the telephone in the first place, but also that the pattern be updated periodically.
Currently there are two techniques for updating a virus pattern on a mobile telephone. One technique is to receive a virus pattern update over a TCP/IP connection. The mobile telephone user connects to an update server over a wireless connection that supports the TCP/IP protocol. (Or, the user connects the mobile telephone to his or her computer in order to directly download the new virus pattern.) Typically, this update server is the normal antivirus update server used to obtain updates over a wired connection to personal computers. Unfortunately, this technique relies upon the user to connect and perform the update when he or she remembers to do so. Therefore, the update is often not timely. Sometimes the antivirus software provider will send an SMS message to remind the user to perform an update. (In a variation, specially formatted SMS messages display an alert message to the user and provide the option of connecting directly to a particular URL via the mobile telephones WAP browser.) But, because a wireless network typically has low bandwidth, the network may become overloaded if all users attempt to perform an update at the same time from the update server.
The second technique is to use the short message service (SMS) to perform the update. The antivirus software provider uses SMS to make a new pattern available to the mobile telephone user. But, because SMS has a body length limit of 140 bytes, it is not possible to send the entire new pattern to the mobile telephone using SMS. Only the pattern differential between the old pattern and the new pattern can be sent using SMS. Also, the pattern file format must be designed so that it is easy to merge the old pattern with the pattern differential. Further, SMS can be unstable; if an SMS update is lost the mobile telephone may be left without the full pattern and no virus detection capability.
FIG. 1 illustrates a prior art virus pattern update using SMS. A mobile telephone user 20 has a mobile telephone 22 that incorporates antivirus software that uses a virus pattern file to detect computer viruses and other malware. The virus pattern file periodically needs updating. A mobile management center 30 makes a determination that it is time to update the pattern on the user's mobile telephone and sends a request 40 for the latest pattern to an update source 44. The update source returns the new pattern 46 to the mobile management center that then creates a differential between the old pattern and the new pattern. This pattern differential is sent via SMS to an SMSC (Short Message Service Center) 64 that then relays an SMS message incorporating the pattern differential to the user's telephone 22. The antivirus software on the telephone then applies the pattern differential to the old pattern in order to obtain the new virus pattern. As discussed above, this technique has drawbacks.
Accordingly, a technique is desired that would allow users of mobile telephones and other wireless handheld devices to simply and easily obtain virus pattern updates for their mobile telephones in a timely manner.